Service providers receive login attempts from users wishing to gain access to sensitive information, such as bank accounts. Some users attempt to gain access to such information with credentials obtained fraudulently from a legitimate account holder.
Adaptive authentication techniques identify fraudulent users even though such users possess credentials to gain access to a legitimate user's account information. For example, each login attempt is received at the service provider at a particular time, and in many cases, a fraudulent user will send login attempts at times outside of those expected by a service provider. Existing adaptive authentication techniques compare information associated with a login attempt received by the service provider, such as the time of the login and a location from where the login originated, with a historical record of a typical user who exhibits some expected login behavior. For example, if a high percentage of prior login attempts received by the service provider from a particular user occur between the hours of 6 AM and 11 PM daily and from locations within the continental United States, then login attempts between 2 AM and 4 AM from locations across Eastern Europe, have a high risk of being a fraudulent user.
Adaptive authentication techniques apply a challenge to such risky transactions, where the riskiness estimation arrives from a fraud/genuine classifier. The answer to the challenge (e.g., a pass/fail result) is used to classify the transaction as being genuine or fraudulent and possibly to improve the accuracy of the model within a learning method, such as a Bayesian methodology. Hence, challenges mostly affect the classification of the specific transaction that invoked the challenge and the classifier results over non-challenged events are not necessarily improved.
A need therefore exists for techniques for improving classifier results in an Adaptive Authentication system.